Sharp criticism of Google in Germany has today prompted the UK's privacy watchdog to quiz the firm over data its Street View cars have collected about Wi-Fi networks.
Officials from the Information Commissioner's Office (ICO) will seek details and assurances about the practice.
A spokeswoman told The Register the ICO had been …

You don't connect via the AP

You con't actually connect via the Access Point to find your location. It uses triangulation of Access Points in the area to guess the location rather than use GPS (It can therefore be used with Laptops).

The system just detects the signals that APs give off to shoe they are available - doesn't matter if they have encryption or not.

It is similar to sitting in the car and trying to tune in your radio. Knowing the, stations, the strength of the signals and which frequency the national stations are tuning to could give you an approximate location of where you are.

@Daf L

Netstumbler? Airodump?

To be fair, Google are only doing what reams of geeks do anyway, only minus the sending out of WPA DEAUTH packets to try and get a handshake. I'd be hasty before condemning them and giving a bunch of legislators the excuse to ban wardriving for everyone.

Geolocation

As far as I can see this data is used in Google Chromes "Wi-Fi Based Geolocation". As they said, the MAC address is viewable by anyone with a Wifi enabled device, anybody can walk down the street with a laptop and see this -- and more (Channel, SSID, etc).

Just looks like another case of government staff having never touched a computer before, and having no idea what they're actually talking about.

FFS...

Google can get a rough geotag by your IP, but if like mine, it tends to be 100 miles out.

Now they potentiall have your mac details.

You search online for car tyres.

It comes back and lists all they car tyre places within 5 miles of you, or worse, tell you that Dave on facebook 3 doors up says you should shop at xyz has he also has a Ford Focus, seen on your drive that day.

Oo-err

It would also seem that Google has already incorporated their database of WiFi addresses into Latitude. Most of the time I connect to the internet through the Ethernet socket in my Manchester University Hall of Residence and my latitude location stays the same for weeks at a time. However when I returned home and connected to the home WiFi, my latitude location updated to my home address every time I refreshed the page, despite the fact that I'd disabled latitude on my phone. Needless to say, streetview crawled my street over the summer and the router is powered on the whole time. Clearly Google has associated my router's MAC to its physical location. I confirmed this theory when I connected to the university WiFi and exactly the same thing happened. Google's nefarious Oglemobiles have clearly also plundered one of our nations' great universities for its digital bounty. Be afraid, be very afraid...

Yep

CIA

My guess this info has been commissioned by the US Government and Google is undertaking this task as a commission. Can you imaging being able to tie up a MAC address with a physical address.

We all know that every colour printer prints the MAC address on every sheet in hidden yellow dots, so when you "register" your nice new printer, they know who owns a printer with MAC address *********

In the UK the poice are routinely collecting APNR data about car movements and mobile phone data is collected as we move from cell to cell. It is getting to the stage where "they " know where you are, who is travelling with you and what computers you use and everything you have written on email and the internet.

Is this news?

I came to the conclusion that the Street View Googlemobiles must also have been wardriving as they trundled around as soon as I downloaded Firefox 3.5 and tried out its geolocation feature - how else would it have been able to work out *exactly* where I live?

Semi-old news?

Errr.... aint this what the iPhones have been using on Google Maps since forever? I remember reading something about Skyhook's Wi-Fi Positioning System (WPS) ages ago being used as 'assisted GPS' even on the first gen iPhones (2G).. so where have they been for the past 3 years and only NOW they realise!

Not A-GPS

Assisted GPS is different, this is using a server to offload some of the initial position processing of the GPS data and compare fix information for a GPS signal. It could utilise other network positioning to help but on a mobile this is more likely to use cell tower information.

Aside from location info

Google magic at its best

I was on a train the other day I had caught in a hurry in a place that I've never visited before. I trying to find out where the train was heading and when i would get there. The GPS in my phone wasn't picking up a signal but luckily the Google Maps app running on my Windows phone tracked my position to the nearest 2Km. This was good enough to reassure me that I was going in the right direction.

Now I know it's the Google car that collects the wifi data. I was wondering how they collected that info.

So long as Google swear never to release the MAC data they've collected I can't see this as a problem or an invasion into anyone's privacy. It's no different to recording street names and a rough GPS coordinate of the street.

dumb as a rock

"We only use information that is publicly broadcast. It doesn't involve accessing the network to send or receive data."

really? so if the 'phone' doesnt recieve any data from your router (re bssid) then how is this information helping the phone find its co-ordinates? inbuilt crystal ball that guesses its near your router?

Duh

Your phone checks for nearby wifi then sends the MAC address of the wifi it finds to Google, who knows where these MACs are (because it found them all while driving past). Google then discards this information and uses it's crystal ball to find out where you are.

Fail

So...

...they're saying they've only catalogued APs that are broadcasting their SSID? Shirley nobody with any common sense would broadcast the SSID of a private WLAN?

I know it's not much of a security solution of itself, but there is really no point in broadcasting the SSID of a private WLAN. Of course the trouble is that most wireless APs and routers broadcast the SSID by default. Of the stuff I work with regularly only Cisco have the common sense not to broadcast the SSID by default. They even go so far as to call the WLAN broadcasting the SSID the "guest" WLAN to give you a clue.

SSID

What this system uses is not the SSID, which is indeed suppressable in the user options, but rather the BSSID which is not suppressable, is part of the IEEE 802.11 specification and in most cases is the fixed MAC address of the AP.

What alarms me most about this story isn't the potential privacy issue but rather just how far behind the curve the ICO and their German counterparts appear to be. When I first got my hands on an iPod Touch last year one of the first things I wondered was how the map app knew where I was without a GPS chip. A bit of research led me to Skyhook and the whole MAC-mapping industry which had been around for several years.

Does nobody at the ICO share my level of curiosity about IT? And if not, can I have one of their jobs please?

I'm confused

"The ICO spokeswoman said British regulators are interested in how the data is being processed and used by Google. If the firm were collecting data on the security settings of Wi-Fi routers, she said, it would be asked to give assurances about what it might do with that information".

Surely all the ICO need do is examine the details which Google must have registered in its application under the Data Protection Acts before commencing collection or processing of the data?

It is not just about mapping hotspots

If a user runs a suitable script from your website, you can get the MAC of their router returned to you. Use the geolocation database and you have just found out where that pesky corporate whistleblower or political dissident blogger is located and you can send the secret police round to get them.

The data is not gathered by WarDriving

A very smart friend of mine from the Czech Republic immediately twigged then I showed him this article that Google is not gathering the location data through WarDriving. That would be highly inefficient and their database would soon age. And if they did it by WarDriving they wouldn't have my friend's MAC address either, as he lives on top of a tall building and there is little chance of picking up his WiFi signal from ground level.

This database is populated with your consent when you agree to the non-gps based services on your Android phone (and possibly others).

The data is not gathered by WarDriving [part 2]

I seem to have a lot of smart friends, another one observed this:

"When using the javascript geolocation API, the user explicitly agrees to use the location service. In firefox, the default location server is, surprise, google. The user actually accepts to send data in order to get the position. This means ip address, mac, wifi macs around, base station (in mobiles), gps, and any other info the might be helpful. Thus, you get your position, and google has all the info around you in exchange. Quite clever. And scary. The users work for them."